Google exposes ‘Poodle’ flaw in Web encryption standard

An excerpt from the CNET.com article by Seth Rosenblatt (@sethr)

Older Web technology continues to be dogged by revelations that show how insecure it is. A trio of Google security engineers proved that the encryption standard Secure Socket Layer can be circumvented thanks to a new vulnerability they dubbed “POODLE.”

POODLE is a new security hole in Secure Socket Layer (SSL) 3.0 that makes the 15-year-old protocol nearly impossible to use safely, said Google security engineers Bodo Möller, Krzysztof Kotowicz and Thai Duong in a new report published on Tuesday.

The vulnerability allows encrypted, ostensibly secret information to be exposed by an attacker with network access. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is a problem because SSL 3.0 is still used by both websites and Web browsers. Both must be reconfigured to stop using SSL 3.0, and POODLE will remain a problem as long as SSL 3.0 is supported.

While SSL 3.0 is no longer the most advanced form of Web encryption in use, Möller explained that browsers and secure HTTP servers still need it in case they encounter errors in Transport Layer Security (TLS), SSL’s more modern, less vulnerable younger sibling.

The good news is that not much of the Web relies on SSL 3.0 anymore. A study by the University of Michigan shows that few sites rely on SSL 3.0 for anything. Less than 0.3 percent of communication between site and server depends on SSL 3.0, while 0.42 percent of the top 1 million domains on Alexa use it even partially.

The reason that POODLE is a problem is that attackers can force your browser to downgrade to SSL 3.0.

If either browser or server runs into problems connecting with TLS, sites and browsers will often fall back to SSL. The problem is that attackers can force a connection failure, which pushes the site down to SSL 3.0 and exposes it to hackers.

Because disabling SSL 3.0 outright causes compatibility problems for sites and servers, Möller recommended that administrators for both add support for TLS_FALLBACK_SCSV, a TLS protocol that blocks attackers from conning browsers into downgrading to not only SSL 3.0, but TLS 1.0 and 1.1 as well. It “may help prevent future attacks,” he wrote.

Möller said that Google Chrome and Google servers have supported this solution “since February,” which he said proves that it can be used without compatibility problems.
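The fallback behaviour and the TLS_FALLBACK_SCSV check described above are easier to see in a small simulation. The following Python model is an added example written for this page; it is not code from the article, from Google or from the researchers. It sends no bytes and speaks no real TLS: the version strings, the `Server` and `Network` classes, the cipher suite stand-ins and the scenario names are this example's own assumptions. Only the cipher suite value 0x5600 is the one RFC 7507 reserves for the signal. The `Network` class models the forced connection failure the article describes simply by dropping any handshake that offers a version above a chosen cutoff; the client, in response, walks down through its versions, which is the "downgrade dance".

```python
"""Model of the TLS version "downgrade dance" and the TLS_FALLBACK_SCSV check.

Constructed simulation for illustration only: no bytes are sent and no real
TLS is involved. Version strings, the Server/Network classes and the
scenario names are this example's own assumptions.
"""
from dataclasses import dataclass

# Protocol versions in increasing order of preference.
SSL3, TLS10, TLS11, TLS12 = "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"
VERSION_ORDER = [SSL3, TLS10, TLS11, TLS12]

# Signalling cipher suite value reserved by RFC 7507 for TLS_FALLBACK_SCSV.
TLS_FALLBACK_SCSV = 0x5600
ORDINARY_SUITES = [0x002F, 0x0035]  # stand-ins for real cipher suite ids


def rank(version):
    return VERSION_ORDER.index(version)


@dataclass
class ClientHello:
    version: str          # highest version this attempt offers
    cipher_suites: list


@dataclass
class Server:
    supported: list       # versions the server is configured to accept
    honours_scsv: bool    # True once the server implements RFC 7507

    def handle(self, hello):
        """Return ("ok", negotiated_version) or ("alert", reason)."""
        highest = max(self.supported, key=rank)
        # RFC 7507 rule: a fallback retry that offers less than the server's
        # best version is refused, because a fresh connection would have
        # succeeded at that best version, so the retry must be a downgrade.
        if (self.honours_scsv and TLS_FALLBACK_SCSV in hello.cipher_suites
                and rank(hello.version) < rank(highest)):
            return ("alert", "inappropriate_fallback")
        # Normal negotiation: best server version not above the client's offer.
        candidates = [v for v in self.supported if rank(v) <= rank(hello.version)]
        if not candidates:
            return ("alert", "protocol_version")
        return ("ok", max(candidates, key=rank))


class Network:
    """Path between client and server. With block_above set, every handshake
    offering a version above it is dropped; to the client this looks the same
    whether a version-intolerant middlebox or the forced failure the article
    describes is the cause."""

    def __init__(self, server, block_above=None):
        self.server = server
        self.block_above = block_above

    def deliver(self, hello):
        if self.block_above is not None and rank(hello.version) > rank(self.block_above):
            return ("network_error", "connection reset")
        return self.server.handle(hello)


def connect(network, client_versions, send_scsv):
    """Downgrade dance: offer the highest version first; after a network error
    retry with the next lower one. A client implementing RFC 7507 appends
    TLS_FALLBACK_SCSV to every retry so the server can tell a fallback from a
    genuinely old client that never supported anything better."""
    for attempt, version in enumerate(sorted(client_versions, key=rank, reverse=True)):
        suites = list(ORDINARY_SUITES)
        if attempt > 0 and send_scsv:
            suites.append(TLS_FALLBACK_SCSV)
        outcome, detail = network.deliver(ClientHello(version, suites))
        if outcome == "ok":
            return ("connected", detail)
        if outcome == "alert":
            return ("refused", detail)
        # network_error: fall through and try the next lower version
    return ("failed", "every version failed")


def run_scenarios():
    """Five constructed deployments; the dictionary keys are labels, not protocol terms."""
    client = VERSION_ORDER
    legacy = Server(supported=list(VERSION_ORDER), honours_scsv=False)
    patched = Server(supported=list(VERSION_ORDER), honours_scsv=True)
    no_sslv3 = Server(supported=[TLS10, TLS11, TLS12], honours_scsv=True)
    return {
        "clean path": connect(Network(patched), client, send_scsv=True),
        "forced failures, no scsv anywhere": connect(Network(legacy, SSL3), client, send_scsv=False),
        "forced failures, client-only scsv": connect(Network(legacy, SSL3), client, send_scsv=True),
        "forced failures, both sides scsv": connect(Network(patched, SSL3), client, send_scsv=True),
        "forced failures, sslv3 disabled": connect(Network(no_sslv3, SSL3), client, send_scsv=False),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:38s} -> {result}")
```

Running the scenarios shows why the article says administrators for both browser and server must add the signal: with a client that sends TLS_FALLBACK_SCSV but a server that ignores it, the retry still lands on SSL 3.0, exactly as it does with no signal at all. Only when the server honours the signal does the final retry come back as an `inappropriate_fallback` alert, and a server with SSL 3.0 simply disabled refuses the last attempt with `protocol_version` instead. The clean-path scenario also shows that the signal costs nothing in the normal case, since the first attempt never carries it.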

Robert Hansen, a browser specialist at the security firm White Hat Security, compared POODLE to another widespread vulnerability — Firesheep. Firesheep was a browser add-on that could grab unencrypted communications over the Web. While Firesheep could be defeated by using encryption, POODLE is a problem because the flaw lies with the encryption itself.

“[POODLE] is pretty bad,” Hansen told CNET, “But you have to keep in mind that it only affects a Man-In-The-Middle situation,” an attack where the hacker surreptitiously intercepts network traffic.

Legacy browsers are especially at risk, most notably Internet Explorer 6, which only supports SSL 3.0 and none of the encryption protocols that followed.

Hansen noted that there haven’t been any publicly known attacks using POODLE yet, but he said it’s only a matter of time until there’s a tool to help hackers exploit POODLE.

“Once somebody creates a tool like Firesheep, then this gets more serious,” he said. “We possibly could see one by the end of the week.”

Research analyst Andrew Conway, who works for the Web and messaging security analysis firm CloudMark, highlighted the fact that an attack using POODLE would be “very difficult to implement.”

That, he said, makes it a bad exploit for your run-of-the-mill cybercriminal, but a potentially attractive one to “national security services” which could use it to spy on “high value targets.”

“The NSA, GCHQ and Russian and Chinese intelligence all have access to Internet traffic in and out of their countries, as well as the skills and resources to implement this attack,” Conway said. “I could imagine that it might be used against military and intelligence targets that use encrypted communications as a matter of course.”

Although Hansen didn’t specifically mention government surveillance, he did add that public Wi-Fi networks and Tor exit nodes could be likely spots to see POODLE exploits — which would fit with Conway’s analysis.
